4. Work with directories
A second major control applied to FTP Server Exit Programs is
the validation of the "directory" (Directory) object of the client FTP request.
Every time an FTP request is received, the directory explicitly or implicitly mentioned in the request
is checked against a list of allowed directories.
If the directory is not found in the list of allowed directories, the FTP request is rejected.
NOTE 1 - If the client IP address is detected as being a privileged one,
directory checks do not take place and any directory is accepted.
There are two types of allowed directories:
- Public allowed directories
Access to these directories is allowed to all the user profiles defined to SECTCP via Work with user profiles.
- Private allowed directories
Access to these directories is allowed only to specified SECTCP-defined user profiles.
Note - Each user profile allowed to access a given private directory can be assigned restrictions on its FTP operations on that directory
(example: read-only (receive-only)) through SECTCP-defined data authorities *R, *W, *X.
Detailed information is available in the help screens.
Option 4 (Work with allowed directories) from the "Secured Tcp" Menu (see Figure 2)
lets you maintain the list of allowed directories.
The menu for defining allowed directories looks as follows:
Secured FTP EASY400
Work with allowed directories
Select one of the following and press Enter
1. Public allowed directories
2. Private allowed directories
Your selection ==> _
F3=Exit F12=Previous F22=Command entry
Figure 5 - Menu for defining allowed directories
Several screens are available to add and to remove public and private allowed directories.
All screens feature help text.
- To make up a generic directory name, just enter its initial characters. For instance,
/MMAIL/TEMP will allow access to any directory starting with the same characters,
e.g. /mmail/temp/subdirx.
- Directory names embedding asterisks or ending with an asterisk (e.g. /mmail/temp/sub*) do not work.
- To allow access to a library, use the IFS notation. As an example, to allow access to library QGPL,
enter /QSYS.LIB/QGPL.LIB as an allowed domain.
- To allow access to all libraries, enter /QSYS.LIB as an allowed domain.
- By specifying the root directory / as an allowed domain,
you allow access to all directories and all libraries in the system.
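The following Python model is an added example, not SECTCP code: it reproduces the matching rules described above so an administrator can see what a generic entry really admits and audit a list for overly broad entries. The IP address, profile names, directory lists and function names are constructed, case-insensitive comparison is an assumption drawn from the /MMAIL/TEMP example, and the *R, *W, *X data authorities are not modelled.

```python
# Added model of the directory rules described above; not SECTCP code.
PRIVILEGED_IPS = {"10.0.0.5"}                        # constructed sample
PUBLIC_DIRS = ["/MMAIL/TEMP", "/QSYS.LIB/QGPL.LIB"]  # constructed sample
PRIVATE_DIRS = {"/PAYROLL": {"ALICE"}}               # entry -> allowed profiles


def matches(entry: str, requested: str) -> bool:
    """Generic-name rule: the request must start with the entry's characters.
    An asterisk is compared literally, so such entries never match."""
    return requested.upper().startswith(entry.upper())


def is_allowed(client_ip: str, profile: str, requested: str) -> bool:
    # NOTE 1: a privileged client address skips the directory check entirely.
    if client_ip in PRIVILEGED_IPS:
        return True
    # Public entries apply to every defined user profile.
    if any(matches(e, requested) for e in PUBLIC_DIRS):
        return True
    # Private entries apply only to the profiles listed for them.
    return any(matches(e, requested) and profile.upper() in users
               for e, users in PRIVATE_DIRS.items())


def audit(entries):
    """Flag entries whose effect is broader or narrower than it may look."""
    findings = []
    for e in entries:
        if "*" in e:
            findings.append((e, "asterisk is not a wildcard; entry does not work"))
        elif e == "/":
            findings.append((e, "allows all directories and all libraries"))
        elif e.upper() == "/QSYS.LIB":
            findings.append((e, "allows all libraries"))
    return findings


if __name__ == "__main__":
    for path in ("/mmail/temp/subdirx", "/mmail/temporary/x", "/payroll/2024"):
        print(path, is_allowed("192.0.2.1", "BOB", path))
    for entry, reason in audit(PUBLIC_DIRS + ["/", "/QSYS.LIB", "/mmail/temp/sub*"]):
        print(entry, "->", reason)
```

Because the rule compares initial characters only, this model also admits /mmail/temporary/x under the /MMAIL/TEMP entry, which is worth keeping in mind when choosing generic names.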